Recent years have seen headline after headline about massive thefts of user data, including passwords, email addresses, and personal data. Anthem (80M accounts compromised), LinkedIn (117M) and Yahoo (1B) are just a few examples from the last year. Attackers are monetizing these accounts and credentials to harvest gift card, purchases and commit fraud on behalf of users, and resell credentials on the dark web. With all that, automated account takeover (ATO) attacks have boomed. Losses from ATO in the US alone are estimated at $2.3 billion in 2016, up 61%.
Armed with databases of users credentials and distributed automated tools, attackers are unleashing large advanced ATO attacks, that easily pass traditional security methods like Web Application Firewall (WAF), rate limiting and IP reputation based detections.
In this webinar we will present different advanced methods used by attackers to bypass existing protections, based on actual large scale attacks we have detected, and discuss new methods to detect and fight these kind of attacks and win the war against ATO.